U.S. Gov't To Use Full Disk Encryption On All Computers
To address the issue of data leaks of the kind we've seen so often in the last year because of stolen or missing laptops, writes Saqib Ali, the Feds are planning to use Full Disk Encryption (FDE) on all Government-owned computers. "On June 23, 2006 a Presidential Mandate was put in place requiring all agency laptops to fully encrypt data on the HDD. The U.S. Government is currently conducting the largest single side-by-side comparison and competition for the selection of a Full Disk Encryption product. The selected product will be deployed on Millions of computers in the U.S. federal government space. This implementation will end up being the largest single implementation ever, and all of the information regarding the competition is in the public domain. The evaluation will come to an end in 90 days. You can view all the vendors competing and list of requirements."
I mean, if you have nothing to hide, you have nothing to fear, right?
Well, on the one hand, it's a good idea to encrypt machines that contain sensitive data.
On the other hand, this is just a band-aid on their terrible information policy... The reason that they have to encrypt a zillion machines is because they store sensitive personal data on a zillion machines. Then there are multiple operating systems, levels of security, etc. All this means that compromising one machine will still be pretty easy, because when you have encryption on the crappy desktop in the mailroom where everyone surfs porn, you stop taking it seriously.
They could kill the whole problem by centralizing their data stores, and developing some secure web interfaces across enhanced encryption. That way, instead of trying to encrypt every machine, you could encrypt 50 data centers and control access locally... Hell, if I were the government I'd push all my software needs toward thin clients and terminal services anyway... The average user doesn't need more, and that makes all your security problems more manageable.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
In order to prevent the loss of pass-keys to these machines (and the resulting loss of important information,) users will be required to keep a copy of the pass-key taped to the bottom of their computers.
Why full disk encryption and not just the home directory??
Because software frequently puts sensitive data in files outside your home directory.
Are they just concentrating on a Windows-only solution that will lock out OS X and Linux??
Linux supports full disk encryption. If OS X doesn't, well, it should, since home-directory-only encryption is not particularly secure.
Let me guess. The contract goes to....
Halliburton's new encryption subsidiary.
Founded in 2006 by some guy who read a book on encryption.
What about page files/swap space, application generated temporary files etc. There are plenty of places that potentially sensitive information could leak into on just about any OS.
You've got to check out my hot new encryption scheme, I call it Rotational Oscillating Telecode no. 13. Fill your tubes with this stuff and I personally guarantee it foolproof against criminals and terrorists and journalists in every single test performed in my personal data-protection laboratory (my basement) with highly alert and cunning test subjects (my cats.)
Bidding starts at $47 Million.
From the requirements:
Truth be told, this doesn't really say that much ... 'It is important if you support multiple' - what does that mean?
I hear there's rumors on the Slashdots
It's not about having something to hide, it's about protecting the info present within. How many gov't laptops containing personal information of citizens or groups have been stolen in recent history?
Large corporations that deal with private data from their customers should also be required to use full-disk encryption as well. In fact, I recommend some form of encryption for sensitive data to everyone.
"Lame" - Galaxar
Granted, it should be spent regardless, as government information about private citizens (i.e., social security numbers) should be protected at all costs.
Well, this should be fully analyzed to see whether it's actually going to protect anything, or whether it's just "Something must be done! This is something my brother who runs this one company told me about, therefore we must do it!" For instance, laptops are involved in the majority of data loss cases. If someone suspends a laptop and sets it down somewhere, will the OS purge the key from memory so that when Evil Dude picks it up he can't simply resume with full access to the drive? What about cases where people close the lid thinking the laptop will automatically hibernate, but for whatever reason it doesn't?
Here's a thought for you: how much would it cost me to get the government to quit putting sensitive information on so many laptops?
If I have been able to see further than others, it is because I bought a pair of binoculars.
I wonder if the computer owner will have to supply the decryption keys when in British soil...
That reminds me, whatever became of that ARPANET thing they were all talking about way back?
Real Daleks don't climb stairs - they level the building.
I'm sorry, I should have said, this is in AMC (Air Mobility Command) within the Air Force. The rest of the Air Force may be the same, but I don't know that.
If you want news from today, you have to come back tomorrow.
...at the moment. I'm hip-deep in user handholding and re-imaging crashed machines. Here are a few random points, dashed off quickly. If anyone has any questions, feel free to post.
The June 23 White House memo had a 45-day deadline. Everyone has already blown the deadline.
Big props to WinMagic for their marketing. They've been all over the government computer press for the last 1-2 years with press releases and random mentions that make it appear they are the only workable solution. As a result, the agencies that jumped on the bandwagon in time to meet a (seemingly common) end of year deadline have grabbed their SecureDoc software and started installing. My experience with it has been semi-OK. Given that the software is touching every single file on every machine that leaves our physical space, the number of screwups has been acceptable at less than 2%. Our most widespread problems have mostly been a result of insufficient server capacity to deal with all the machines being encrypted at the same time within the last couple of weeks. Whether that was a result of us going cheap on the server side or WinMagic promising that the servers could handle a bigger load than is actually the case, I don't know. I suspect it's a bit of both. Still, things are slowly working out, even if our frontline support staff is going to wind up losing, literally, a month of productivity to the project.
A bunch of the requirements on that DOD checksheet are being ignored by civilian agencies. With no PKI infrastructure in lots of places, plenty of things have to be done "hands on" and the ability to do things like silent installs is out the window.
A bunch of the names on that vendor list are just resellers and of little interest to the slashdot crowd. What's more interesting is the list of products that do the job. THAT list is much, much shorter.
I haven't heard of anyone doing their encryption in hardware, which irritates me. I use hardware-encrypted drives at home and I was looking forward to doing the same thing at work. There is a widespread rumor in my agency that 2 or 3 generations of computer refreshment down the road, we'll transition to encryption in hardware. I hope so.
I work for a multinational corporation with more than 10 K laptops, we decided to use full disk encryption more than 5 years ago.
:-(
At that time we found just 5 vendors who were qualified to deliver (after an initial pre-qualification round), and we invited them all to a specially setup testing lab: Of these 5 vendors, 3 were selling pure snake oil (encrypt the partition table and/or root directory only), it took less than 5 minutes to break into each of these.
Nr 4 seemed a lot better, but after 20 minutes work I found the crucial 'compare password, JE decrypt' sequence in the driver, and we were in.
Only the final entry (from a German company) had understood how you design a product like this:
First you encrypt, using your preferred symmetric key algorithm (AES-256 these days?), all sectors on the disk. You use some form of hash of the logical sector number as a salt when encrypting, this makes each block unique, even those that contain the same 'FDFDFDFD' freshly formatted pattern. The key you use for this is the master disk key, it is a random number generated during installation.
Next you make a small table, with room for at least two entries: User and admin.
The user entry can be modified as often as you like (we default to slightly less than once/month), while the admin key/password is constant, but unique to this particular PC.
Each password (user/admin) is used as the key when encrypting the master key, which means that there is no way, even for the crypto architect, to recover the master key without knowing at least one of these passwords. (The passwords are never stored anywhere on the disk of course!)
The admin key/password is saved both as a printout and on disk on a secure system (without any form of network connection), so that you can use it each time a user manages to forget his/her user disk password.
There are lots of nice-to-have features as well; one of the more important is the ability to use a challenge/response setup to safely regenerate a user password remotely, without ever having to transmit the relevant admin key. This does require some kind of side channel to verify the identity of the user who owns the particular laptop: We use a combination of RSA's SecurID cards and the user's cell phone for this (each user has such a card to be able to use the corporate VPN connection, which requires strong authentication).
Terje
"almost all programming can be viewed as an exercise in caching"
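The key hierarchy Terje describes above (a random master disk key, per-sector tweaks derived from the logical sector number, and user/admin password entries that each wrap the master key) as an added example, not code from the thread or from any vendor named in it. The sector cipher here is an HMAC-SHA256 keystream standing in for the AES-256 a real product would use, and all passwords and sector contents are constructed sample values.

```python
"""Toy full-disk-encryption key hierarchy (added illustration, not a product)."""
import hashlib
import hmac
import secrets

SECTOR = 512
KDF_ITERS = 100_000  # PBKDF2 work factor for the password -> key-encryption-key step


def _keystream_xor(key: bytes, tweak: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (stand-in for AES)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, tweak + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def sector_tweak(lsn: int) -> bytes:
    """Hash of the logical sector number: identical plaintext sectors encrypt differently."""
    return hashlib.sha256(b"sector" + lsn.to_bytes(8, "big")).digest()


def crypt_sector(master_key: bytes, lsn: int, data: bytes) -> bytes:
    assert len(data) == SECTOR
    return _keystream_xor(master_key, sector_tweak(lsn), data)  # same op both ways


def wrap_master_key(master_key: bytes, password: str) -> dict:
    """Encrypt the master key under a password-derived key; tag detects wrong passwords."""
    salt = secrets.token_bytes(16)
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERS)
    wrapped = _keystream_xor(kek, b"wrap", master_key)
    return {"salt": salt, "wrapped": wrapped,
            "tag": hmac.new(kek, wrapped, hashlib.sha256).digest()}


def unwrap_master_key(entry: dict, password: str):
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), entry["salt"], KDF_ITERS)
    expected = hmac.new(kek, entry["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, entry["tag"]):
        return None  # wrong password; nothing about the master key is revealed
    return _keystream_xor(kek, b"wrap", entry["wrapped"])


class EncryptedDisk:
    def __init__(self, user_password: str, admin_password: str, sectors: int = 8):
        # Master key is random at "installation"; passwords themselves are never stored.
        master = secrets.token_bytes(32)
        self.key_table = {"user": wrap_master_key(master, user_password),
                          "admin": wrap_master_key(master, admin_password)}
        # Constructed sample: freshly formatted disk full of the 0xFD fill pattern.
        self.sectors = [crypt_sector(master, n, b"\xfd" * SECTOR) for n in range(sectors)]

    def unlock(self, password: str):
        """Try every key-table entry; either user or admin password recovers the master key."""
        for entry in self.key_table.values():
            master = unwrap_master_key(entry, password)
            if master is not None:
                return master
        return None

    def read(self, master: bytes, lsn: int) -> bytes:
        return crypt_sector(master, lsn, self.sectors[lsn])

    def write(self, master: bytes, lsn: int, data: bytes) -> None:
        self.sectors[lsn] = crypt_sector(master, lsn, data)

    def change_user_password(self, old: str, new: str) -> None:
        """Re-wrap the master key only; no sector on the disk has to be re-encrypted."""
        master = unwrap_master_key(self.key_table["user"], old)
        if master is None:
            raise ValueError("old user password rejected")
        self.key_table["user"] = wrap_master_key(master, new)
```

The monthly user password rotation and the admin recovery path Terje mentions both come down to `change_user_password` and `unlock` with the escrowed admin password; neither touches the encrypted sectors.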
Good question. I'd guess no. Part of the allure for the gov't in contracting out to private firms is that the gov't can delegate accountability to the contractor. "It wasn't our fault the terrorists/identity thieves/Germans got the personal details of every registered voter/sex offender/childcare provider in Idaho, it's the fault of ACME Inc. They told us they were secure! It's right here in their sales pitch document! Let's lynch 'em!"
I have been using this on my laptop; it's free and seems to work well with no noticeable loss of speed.
http://www.freeotfe.org/docs/index.htm
In most orgs nowadays users no longer have admin rights on their machines and therefore cannot write outside of their $HOME (or whatever it's called in Windows). Granted there are still lots of places where this basic security policy isn't implemented but they are thankfully fewer every day (although their number will likely never drop to zero).
/tmp and the swap file(s) are two problematic areas that should be addressed by a comprehensive cryptographic solution. I wouldn't be surprised if several Windows products neglected to encrypt those.
However as other contributors rightly pointed out,
May contain traces of nut.
Made from the freshest electrons.
How this will probably work is the end solution uses a smart card to do some authentication and key storage.
All gov't employees will at some point get an ID card similar to the Common Access Card. This will have a number of public keys on it. One of which probably decrypts their workstation.
The U.S. gov't is building the capacity to issue millions of smart cards on their own. See this: http://www.fcw.com/article94813-06-07-06-Web There was a proper publicly available contract up for bid for this project but it wouldn't surprise me if it has been pulled in favor of a no-bid award.
Before anyone says, "Well it should be a secret! What if the terrists get a badge?!" There are two things to remember.
1. Lots of bad people have proper ID in their country of choice. Identification has little if any relationship to their activities. The failure points remain the usual human factors out in the field.
2. There's no need for secrecy in the production environment. Every half-decent perso system/PKI properly manages such an obvious point of failure. If a Visa-certified card plant can manage to keep track of 10's of millions of cards anyone can. It's not rocket science.
I for one welcome our fully encrypted overlords.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Maybe things are so mixed up on Windows that you need full disk, but on OS X, Linux, and other Unixes it should be sufficient to encrypt only the home directory of users.
should be? You gonna personally guarantee that every possible Linux and Mac application store all of their information in the same place? If we're talking "should be"'s, then there wouldn't be this problem in the first place, because no sensitive data should be stored on laptops that walk out of buildings. "Should be" is what causes these problems in the first place.
This is absolutely the right thing to do.
I can however confidently predict that since a very large number of people are involved in making the decision, the worst possible product will be chosen.
So it won't be TrueCrypt, or something decent - it'll be something like the latest commercial version of PGP.
Sooo, I wonder if the encryption keys will be set like ICBM launch codes, all at "000000"???
At my institution we're worried about all sorts of personally identifiable information. There does not seem to be any quantitative guidelines for this. Even one SS number is apparently too much. And it's not just the info I might be aware of but the info that might be there that I'm not aware of that counts too. For example, if someone sends me a resume. Even if I never read it, it might contain birth dates and other personal info. Hence I need to protect all the e-mail.
Now the hackles being raised are that this means we can't use Macs and maybe not Linux since there are no acceptable enterprise-worthy full disk encryption systems. If you know of some, especially for Macs, please reply with details below. But the terms "acceptable" and "enterprise-worthy" matter a great deal. You can't just go installing full disk encryption based on some open source solution that might or might not get updated to work with the next version of, say, Debian or Fedora in a timely way. It has to have a method of key escrow that is usable. etc...
Hence people are looking to windows.
Another raging argument is what full disk encryption means. Surely something like Mac's built-in encryption of home directories, if need be combined with secure virtual memory, would be sufficient to protect anything but very critical information. The answer we are hearing is No and "maybe". We are being pushed to use Entrust, which all users I have heard from say is a disaster. There's going to be huge data recovery issues. And I don't see it as likely that Entrust will always be assured of working across OS upgrades.
Personally I'd prefer to see encryption done in a transparent hardware layer.
In the long run this is going to be good for the branded commercial OS, and the Linuxes backed by commercial vendors. The reason is that in the end you'd have to be pretty stupid to encrypt your whole disk with anything not supplied by the OS vendor, because it simply has to work right under all circumstances and there simply has to be one person you can call when it fails. It would be intolerable to have the OS vendor say well it's not our problem and the encryption vendor saying they are trying to work with the OS vendor to figure out why the kernel upgrade broke it.
And when it does break after you hit the "Software update" button, or worse corporate HQ pushes the update overnight to your computer, there is no failsafe mode! The computer won't boot. Corporate HQ can't even contact your computer to undo the problem after the reboot. You can't even download a patch from the vendor or let them know it was broken. You can't even look up their phone number. Nor can you go to your neighbor's computer to download a patch since his machine is broken too.
Other arguments people are unsure of
1) is home directory encryption enough
2) what about removable media?
3) what about FAT tables?
4) boot tracks?
5) virtual memory?
The fact that this order is zero tolerance with no assessment of risk seems to prove it is ill conceived.
It's a stake through the heart for all non-commercial Linux.
Some drink at the fountain of knowledge. Others just gargle.
Not a troll. If your system is appropriately configured, you (and your applications) won't be *allowed* to save things anywhere on the local drive other than your home directory. Temp and swap space are also good candidates for encryption -- but putting temp space in a ramdisk and encrypting swap is a pretty reasonable way to do this. Anything other than those should be code, not data -- and thus nonsensitive. Why spend the cycles to encrypt and decrypt without a need to do so?
All that said, I think that giving a contract like this to a commercial vendor developing proprietary software would be... unfortunate. Funding addition of missing, necessary features to TrueCrypt would be a one-time expense (rather than one which scales with the number of systems deployed), and would benefit the private sector as well.
Of course it is. But I always log in as root, 'cause if I don't the system always bitches about "Only root can do that." Never used to have this problem in Windows. :-)
"Consistency is contrary to nature, contrary to life. The only completely consistent people are the dead." A. Huxley
Among the requirements is "For FDE, allows multiple users of same laptop or device using DoD CAC for boot authentication by each user," "Allows administrators to provide remote assistance to users who are locked out, and "Allows for decryption and uninstallation of encryption solution by a system administrator only." This means that every device will have multiple keys protecting the data (a user key and an administrative key at the very least) to allow the data to be retrieved. Otherwise, the government could not pursue its own employees in the situation where it needs to develop a case such as espionage.
You can never go home again... but I guess you can shop there.
I work for a multinational corporation with more than 10 K laptops
Just wanted to give you a reality check:
If you work for a company like that and know this technology to the level you are describing in this post, you should leave your employer to start your own company providing this solution. There's no way you're getting paid at a multinational corporation as much as you would make in your own (successful) company. If you had launched your company back when you had performed the aforementioned evaluation, you'd probably have enough progress with your own product to pitch it in this govt. bidding process.
Not trying to criticize you. Just trying to inspire people.
Seth
$5 / month hosted VPS on linux = awesome!
First you give them Quad-Core AMD/Intel 3GHz CPUs
Then you give them Ultra-speedy flash memory HDDs and lots of Ram
And only then can you find back that speed feeling you had when you first launched Win95...
BTW, you forgot something :
"each file is decrypted, scanned" then encrypted again into a secure memory heap with a random location in Ram then reinterpreted and decrypted from memory by the CPU for processing "and then viewed" on a secured, shielded screen that itself is decrypting the secured data transmission from the HDMI so you can't divert the data to a VCR/PVR.
Also you are using a laser-interrupt shielded keyboard with a white noise generator, so we cannot infer the electromagnetic blip from hitting a key or reconstruct the words from typing noise frequency, a hardened mouse so you can hit and strangle the person who tried to read above your shoulder all that super secure multi-encrypted BBC newsfeed you have on your 7 vision angle screen.
Gosh I hope you also encrypt all internal network traffic with a multi-gigabit differential quantum thingy, that all your network equipment is in the hardened nuclear bio hazard bunker, with all Cat 10 titanium head hardened Ethernet cables screwed/glued/welded to the unapproachable High Voltage Switch (220 V on the inside, 10000V on the outside).
BTW, now that we finished securing your infrastructure, can you please remind me what OS you are using?
[evil joy] MU HAH HAH HAH HAH [/evil joy]
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
There's a myth out there that the hardest part of technology is understanding the technology. That's certainly a part of it, but there's a lot more to it than that. You have to have funding or know how to get funding. You have to know how to run a company, or find someone that does. You also obviously have to take a lot of personal risk.
Maybe the GP has all those skills and is willing to take the risk, maybe he doesn't. The point is though that the lure of making more money, or having more control over the product isn't necessarily enough.
AccountKiller
But there's only a couple of IT contractors who handle stuff like this.
People need to understand this. Government rules, regulations and procedures disqualify most possible bids. Only those companies *specialized* in government contracts get these jobs. In addition, the margins on these jobs are so small that larger companies have a huge advantage in the bidding process. Throw in several layers of lawyers and you end up with a system several realities removed from any semblance of a market.
Don't blame me, I didn't vote for either of them!
It's a stake through the heart for all non-commercial Linux.
... and now we're talking about a critical change affecting hundreds of thousands of computers running everything from Windows to Unix to DOS, implemented across multiple bureaucracies and departments. My guess is that it's going to fail, fail on a massive scale, and that it's going to result in far more data loss and operational disruption than the people in charge of this impending train-wreck are willing to admit (or will ever be held accountable, which is just too bad.)
Not necessarily. You're assuming that this gigantic government-mandated undertaking is going to work. I think that is a mistake.
Ask yourself how many times such major overhauls have ever worked right, when the Feds are in charge. The FBI botched a big upgrade, the IRS is still botching theirs, the FAA botched theirs.
When all is said and done Linux, branded or otherwise, will be damned lucky not to be too heavily involved, and may come out looking pretty good.
The higher the technology, the sharper that two-edged sword.